> It is becoming an interesting tossup, between the above, but if you're
> serious, go with Solaris 2.5 - even if you have the Linux source code,
> you don't want to look at that `mess'.

I see Mr Darren Reed has yet to become a serious and realistic member of
the technical community. In case Mr Reed isn't aware of it, randomly branding
other people's code "A mess" isn't a serious technical critique.

I would not use Solaris 2.5 because

a) It can leak data across the firewall (try sending 1 byte of data and looking
at what comes out in the rest of the ethernet frame, bits of old frames
from the other side occasionally) [Quite common with a lot of OSes that one
and one I now always check for]

b) It's got the streams authentication bugs that Sun haven't fixed after being
told of them about SIX months ago now. That one doesn't directly affect a
firewall but it's a good example of the speed of Sun fixes at times. Note
that it can affect a firewall using ssh, or anything where a user can get
a stream handle created by root. In those cases the user (root or otherwise)
can issue most networking ioctl calls (SIOCSIFADDR etc) and they work. BSD
has a similar potential problem with this and their use of a priv flag
set when the socket is root created but never cleared. However they also do
enough other authentication to stop you.

I wouldn't use Linux Sparc because it's still a development project and not
a production level code base. Nobody, I hope, runs firewalls on pre-release
systems ;)

SunOS 4.1.4 looks promising but I'd like to know if it has the leaking bytes
bug before I went near it for a firewall. Ditto NetBSD, although with NetBSD
I can at least fix it in the source code by cleaning mbufs properly or
tweaking drivers to zero end fill buffers properly.

Alan
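
The padding check from point (a) and the zero-fill fix mentioned for NetBSD, as an added example that is not part of the original message or of any of the systems named in it. The addresses, ports, the reused transmit buffer and the function names are constructed for illustration; the sender model stands in for a driver that pads short frames to the Ethernet minimum.

```python
import struct

ETH_HDR = 14            # dst MAC + src MAC + EtherType
ETH_MIN = 60            # minimum frame size on the wire, FCS excluded
ETHERTYPE_IPV4 = 0x0800

def frame_padding(frame: bytes) -> bytes:
    """Return the bytes that follow the IPv4 datagram inside an Ethernet frame."""
    if len(frame) < ETH_HDR + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an untagged IPv4 frame")
    (total_len,) = struct.unpack("!H", frame[ETH_HDR + 2:ETH_HDR + 4])
    if total_len < 20 or ETH_HDR + total_len > len(frame):
        raise ValueError("IPv4 total length inconsistent with frame length")
    return frame[ETH_HDR + total_len:]

def leaks_in_padding(frame: bytes) -> bool:
    """True when the pad area carries anything other than zero bytes."""
    return any(frame_padding(frame))

def build_frame(payload: bytes, tx_buffer: bytearray, zero_fill: bool) -> bytes:
    """Constructed sender model: write a UDP/IPv4 frame into a reused transmit
    buffer and pad it to ETH_MIN, zeroing the pad only when zero_fill is set."""
    ip_len = 20 + 8 + len(payload)
    # Checksums are left at 0: the checker above does not validate them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, 9, 8 + len(payload), 0)
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"
    pkt = eth + struct.pack("!H", ETHERTYPE_IPV4) + ip + udp + payload
    tx_buffer[:len(pkt)] = pkt
    if zero_fill and len(pkt) < ETH_MIN:
        tx_buffer[len(pkt):ETH_MIN] = bytes(ETH_MIN - len(pkt))
    return bytes(tx_buffer[:max(len(pkt), ETH_MIN)])

def stale_buffer() -> bytearray:
    """Constructed buffer still holding text from an earlier, unrelated frame."""
    return bytearray((b"old frame from the other side " * 60)[:1514])

if __name__ == "__main__":
    for zero_fill in (False, True):
        frame = build_frame(b"A", stale_buffer(), zero_fill)
        print("zero_fill=%s pad=%r leak=%s"
              % (zero_fill, frame_padding(frame), leaks_in_padding(frame)))
```
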